Atlassian Jira < 4.1.1 Multiple Vulnerabilities
High Nessus Plugin ID 106622
Synopsis
The remote web server hosts a web application that is potentially affected by multiple vulnerabilities.
Description
According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 4.1.1. It is, therefore, potentially affected by multiple vulnerabilities:
- Remote authenticated attackers can exploit the privilege-escalation issue to gain SYSTEM-level privileges, completely compromising affected computers.
- Remote attackers can leverage the cross-site scripting vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply the relevant patch referenced in the JIRA security advisory.